Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Azure AD Web Sign-in CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability
Azure DevOps CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Azure DevOps CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability
Azure Sphere CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability
Microsoft Edge (Chromium-based) CVE-2021-21226 Chromium: CVE-2021-21226 Use after free in navigation
Microsoft Edge (Chromium-based) CVE-2021-21222 Chromium: CVE-2021-21222 Heap buffer overflow in V8
Microsoft Edge (Chromium-based) CVE-2021-21223 Chromium: CVE-2021-21223 Integer overflow in Mojo
Microsoft Edge (Chromium-based) CVE-2021-21225 Chromium: CVE-2021-21225 Out of bounds memory access in V8
Microsoft Edge (Chromium-based) CVE-2021-21224 Chromium: CVE-2021-21224 Type Confusion in V8
Microsoft Edge (Chromium-based) CVE-2021-21233 Chromium: CVE-2021-21233 Heap buffer overflow in ANGLE
Microsoft Edge (Chromium-based) CVE-2021-21228 Chromium: CVE-2021-21228 Insufficient policy enforcement in extensions
Microsoft Edge (Chromium-based) CVE-2021-21227 Chromium: CVE-2021-21227 Insufficient data validation in V8
Microsoft Edge (Chromium-based) CVE-2021-21232 Chromium: CVE-2021-21232 Use after free in Dev Tools
Microsoft Edge (Chromium-based) CVE-2021-21195 Chromium: CVE-2021-21195 Use after free in V8
Microsoft Edge (Chromium-based) CVE-2021-21196 Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip
Microsoft Edge (Chromium-based) CVE-2021-21219 Chromium: CVE-2021-21219 Uninitialized Use in PDFium
Microsoft Edge (Chromium-based) CVE-2021-21194 Chromium: CVE-2021-21194 Use after free in screen capture
Microsoft Edge (Chromium-based) CVE-2021-21197 Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip
Microsoft Edge (Chromium-based) CVE-2021-21206 Chromium: CVE-2021-21206 Use after free in Blink
Microsoft Edge (Chromium-based) CVE-2021-21220 Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64
Microsoft Edge (Chromium-based) CVE-2021-21198 Chromium: CVE-2021-21198 Out of bounds read in IPC
Microsoft Edge (Chromium-based) CVE-2021-21199 Chromium: CVE-2021-21199 Use Use after free in Aura
Microsoft Edge (Chromium-based) CVE-2021-21229 Chromium: CVE-2021-21229 Incorrect security UI in downloads
Microsoft Edge (Chromium-based) CVE-2021-21212 Chromium: CVE-2021-21212 Incorrect security UI in Network Config UI
Microsoft Edge (Chromium-based) CVE-2021-21213 Chromium: CVE-2021-21213 Use after free in WebMIDI
Microsoft Edge (Chromium-based) CVE-2021-21211 Chromium: CVE-2021-21211 Inappropriate implementation in Navigation
Microsoft Edge (Chromium-based) CVE-2021-21209 Chromium: CVE-2021-21209 Inappropriate implementation in storage
Microsoft Edge (Chromium-based) CVE-2021-21210 Chromium: CVE-2021-21210 Inappropriate implementation in Network
Microsoft Edge (Chromium-based) CVE-2021-21217 Chromium: CVE-2021-21217 Uninitialized Use in PDFium
Microsoft Edge (Chromium-based) CVE-2021-21218 Chromium: CVE-2021-21218 Uninitialized Use in PDFium
Microsoft Edge (Chromium-based) CVE-2021-21216 Chromium: CVE-2021-21216 Inappropriate implementation in Autofill
Microsoft Edge (Chromium-based) CVE-2021-21214 Chromium: CVE-2021-21214 Use after free in Network API
Microsoft Edge (Chromium-based) CVE-2021-21215 Chromium: CVE-2021-21215 Inappropriate implementation in Autofill
Microsoft Edge (Chromium-based) CVE-2021-21202 Chromium: CVE-2021-21202 Use after free in extensions
Microsoft Edge (Chromium-based) CVE-2021-21203 Chromium: CVE-2021-21203 Use after free in Blink
Microsoft Edge (Chromium-based) CVE-2021-21201 Chromium: CVE-2021-21201 Use after free in permissions
Microsoft Edge (Chromium-based) CVE-2021-21230 Chromium: CVE-2021-21230 Type Confusion in V8
Microsoft Edge (Chromium-based) CVE-2021-21231 Chromium: CVE-2021-21231 Insufficient data validation in V8
Microsoft Edge (Chromium-based) CVE-2021-21207 Chromium: CVE-2021-21207 Use after free in IndexedDB
Microsoft Edge (Chromium-based) CVE-2021-21208 Chromium: CVE-2021-21208 Insufficient data validation in QR scanner
Microsoft Edge (Chromium-based) CVE-2021-21221 Chromium: CVE-2021-21221 Insufficient validation of untrusted input in Mojo
Microsoft Edge (Chromium-based) CVE-2021-21204 Chromium: CVE-2021-21204 Use after free in Blink
Microsoft Edge (Chromium-based) CVE-2021-21205 Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation
Microsoft Exchange Server CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability
Microsoft Internet Messaging API CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability
Microsoft NTFS CVE-2021-27096 NTFS Elevation of Privilege Vulnerability
Microsoft NTFS CVE-2021-28312 Windows NTFS Denial of Service Vulnerability
Microsoft Office Excel CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office Outlook CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability
Microsoft Office SharePoint CVE-2021-28450 Microsoft SharePoint Denial of Service Update
Microsoft Office Word CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability
Microsoft Windows DNS CVE-2021-28328 Windows DNS Information Disclosure Vulnerability
Microsoft Windows DNS CVE-2021-28323 Windows DNS Information Disclosure Vulnerability
Microsoft Windows Speech CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability
Microsoft Windows Speech CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability
Microsoft Windows Speech CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability
Open Source Software CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
Role: Hyper-V CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability
Role: Hyper-V CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability
Role: Hyper-V CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability
Role: Hyper-V CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability
Visual Studio CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability
Visual Studio Code CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code - GitHub Pull Requests and Issues Extension CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
Visual Studio Code - Kubernetes Tools CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
Visual Studio Code - Maven for Java Extension CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
Windows Application Compatibility Cache CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability
Windows AppX Deployment Extensions CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability
Windows Console Driver CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability
Windows Console Driver CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability
Windows Diagnostic Hub CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Windows Diagnostic Hub CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Windows Diagnostic Hub CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Windows Early Launch Antimalware Driver CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Windows ELAM CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Windows Event Tracing CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability
Windows Installer CVE-2021-26413 Windows Installer Spoofing Vulnerability
Windows Installer CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2021-28437 Windows Installer Information Disclosure Vulnerability
Windows Kernel CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability
Windows Media Player CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability
Windows Media Player CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability
Windows Network File System CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability
Windows Overlay Filter CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability
Windows Portmapping CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability
Windows Registry CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Resource Manager CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
Windows Secure Kernel Mode CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Windows Services and Controller App CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability
Windows SMB Server CVE-2021-28324 Windows SMB Information Disclosure Vulnerability
Windows SMB Server CVE-2021-28325 Windows SMB Information Disclosure Vulnerability
Windows TCP/IP CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability
Windows TCP/IP CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability
Windows TCP/IP CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability
Windows Win32K CVE-2021-27072 Win32k Elevation of Privilege Vulnerability
Windows Win32K CVE-2021-28310 Win32k Elevation of Privilege Vulnerability
Windows WLAN Auto Config Service CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability

CVE-2021-27067 - Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27067
MITRE
NVD
CVE Title: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Azure DevOps Server pipeline configuration variables and secrets.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27067
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure DevOps Server 2019 Update 1 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Azure DevOps Server 2019 Update 1.1 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Azure DevOps Server 2019.0.1 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Azure DevOps Server 2020 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Team Foundation Server 2015 Update 4.2 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Team Foundation Server 2017 Update 3.1 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Team Foundation Server 2018 Update 1.2 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Team Foundation Server 2018 Update 3.2 Release Notes (Security Update) Important Information Disclosure None Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27067 None

CVE-2021-27072 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27072
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27072
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27072 pgboy


CVE-2021-27079 - Windows Media Photo Codec Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27079
MITRE
NVD
CVE Title: Windows Media Photo Codec Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.7/5.0
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27079
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27079 Ivan Fratric of Google Project Zero


CVE-2021-27088 - Windows Event Tracing Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27088
MITRE
NVD
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27088
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27088 Zhang WangJunJie and He YiSheng of Hillstone Network Neuron Security Team


Yuki Chen


Jarvis_1oop


ziming zhang of Ant Security Light-Year Lab


Wen


CVE-2021-27089 - Microsoft Internet Messaging API Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27089
MITRE
NVD
CVE Title: Microsoft Internet Messaging API Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27089
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27089 lm0963 and hackyzh at Zion Lab of DBAppSecurity


CVE-2021-27090 - Windows Secure Kernel Mode Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27090
MITRE
NVD
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27090
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27090 Saar Amar, Microsoft Security Response Center


CVE-2021-27091 - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27091
MITRE
NVD
CVE Title: RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.0
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27091
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27091 None

CVE-2021-27092 - Azure AD Web Sign-in Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27092
MITRE
NVD
CVE Title: Azure AD Web Sign-in Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 6.8/5.9
Base score metrics
Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27092
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 6.8
Temporal: 5.9
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27092 None

CVE-2021-27093 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27093
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27093
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27093 Anonymous Finder


CVE-2021-27094 - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27094
MITRE
NVD
CVE Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 4.4/3.9
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27094
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Security Feature Bypass 5000847
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Security Feature Bypass 5000847
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27094 Maxim Suhanov of BI.ZONE


CVE-2021-27095 - Windows Media Video Decoder Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27095
MITRE
NVD
CVE Title: Windows Media Video Decoder Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is user interaction required to exploit this vulnerability?

Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27095
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27095 yangkang (@dnpushme)


CVE-2021-27096 - NTFS Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-27096
MITRE
NVD
CVE Title: NTFS Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-27096
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-27096 0xea31


CVE-2021-26413 - Windows Installer Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26413
MITRE
NVD
CVE Title: Windows Installer Spoofing Vulnerability
CVSS:

CVSS:3.0 6.2/5.4
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26413
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Spoofing 5000807 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Spoofing 5000807 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Spoofing 5000803
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Spoofing 5000803
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Spoofing 5000809 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Spoofing 5000809 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Spoofing 5000809 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Spoofing 5000822
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Spoofing 5000822
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Spoofing 5000822
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Spoofing 5000808
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Spoofing 5000808
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Spoofing 5000808
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Spoofing 5000841
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Spoofing 5000841
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Spoofing 5000848
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Spoofing 5000848
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Spoofing 5000848
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Spoofing 5000844
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Spoofing 5000844
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Spoofing 5000844
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Spoofing 5000844
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Spoofing 5000841
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Spoofing 5000841
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Spoofing 5000847
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Spoofing 5000847
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Spoofing 5000848
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Spoofing 5000848
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Spoofing 5000803
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Spoofing 5000803
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Spoofing 5000822
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Spoofing 5000822
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Spoofing 5000808
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Spoofing 5000802
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26413 Ron Waisberg (@epsilan) of Okta


Ronald McClelland Jr. (Ronsor Labs) - https://undeleted.ronsor.com


CVE-2021-26415 - Windows Installer Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26415
MITRE
NVD
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26415
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26415 Adrian Denkiewicz of CLOAKED.pl working with Trend Micro's Zero Day Initiative


CVE-2021-26416 - Windows Hyper-V Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26416
MITRE
NVD
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS:

CVSS:3.0 7.7/6.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How can an attacker exploit this vulnerability?

An attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. This can cause the host OS to crash by sending specially crafted request.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26416
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26416 None

CVE-2021-26417 - Windows Overlay Filter Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26417
MITRE
NVD
CVE Title: Windows Overlay Filter Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26417
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26417 k0shl


CVE-2021-28309 - Windows Kernel Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28309
MITRE
NVD
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28309
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28309 lm0963 and hackyzh at Zion Lab of DBAppSecurity


CVE-2021-28310 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28310
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28310
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28310 Boris Larin (Oct0xor) of Kaspersky Lab


CVE-2021-28311 - Windows Application Compatibility Cache Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28311
MITRE
NVD
CVE Title: Windows Application Compatibility Cache Denial of Service Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28311
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Denial of Service 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Denial of Service 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28311 lm0963 & hackyzh at Zion Lab and YanZiShuang of DBAppSecurity


CVE-2021-28312 - Windows NTFS Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28312
MITRE
NVD
CVE Title: Windows NTFS Denial of Service Vulnerability
CVSS:

CVSS:3.0 3.3/3.1
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityLow
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Moderate Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28312
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Moderate Denial of Service 5000822
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Moderate Denial of Service 5000822
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Moderate Denial of Service 5000822
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Moderate Denial of Service 5000808
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Moderate Denial of Service 5000808
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Moderate Denial of Service 5000808
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Moderate Denial of Service 5000822
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Moderate Denial of Service 5000822
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Moderate Denial of Service 5000808
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Moderate Denial of Service 5000802
Base: 3.3
Temporal: 3.1
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28312 None

CVE-2021-28313 - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28313
MITRE
NVD
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28313
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2015 Update 3 5001292 (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28313 Imre Rad


CVE-2021-28314 - Windows Hyper-V Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28314
MITRE
NVD
CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28314
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28314 @rezer0dai


CVE-2021-28315 - Windows Media Video Decoder Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28315
MITRE
NVD
CVE Title: Windows Media Video Decoder Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is user interaction required to exploit this vulnerability?

Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28315
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28315 yangkang(@dnpushme)


CVE-2021-28316 - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28316
MITRE
NVD
CVE Title: Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 4.2/3.7
Base score metrics
Attack VectorPhysical
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28316
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Security Feature Bypass 5000841
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Security Feature Bypass 5000841
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Security Feature Bypass 5000848
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Security Feature Bypass 5000841
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Security Feature Bypass 5000841
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Security Feature Bypass 5000847
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Security Feature Bypass 5000847
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.2
Temporal: 3.7
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28316 Matthew Johnson of The Missing Link


CVE-2021-28317 - Microsoft Windows Codecs Library Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28317
MITRE
NVD
CVE Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28317
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28317 Josh Gunter, Microsoft Platform Security Assurance & Vulnerability Research


Zhangjie and willJ


CVE-2021-28318 - Windows GDI+ Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28318
MITRE
NVD
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28318
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28318 Zhangjie and willJ


CVE-2021-28319 - Windows TCP/IP Driver Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28319
MITRE
NVD
CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS:

CVSS:3.0 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28319
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28319 Microsoft Platform Security Assurance & Vulnerability Research


CVE-2021-28320 - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28320
MITRE
NVD
CVE Title: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28320
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28320 None

CVE-2021-28321 - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28321
MITRE
NVD
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28321
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2015 Update 3 5001292 (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28321 Imre Rad


CVE-2021-28322 - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28322
MITRE
NVD
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28322
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2015 Update 3 5001292 (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28322 Imre Rad


CVE-2021-28323 - Windows DNS Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28323
MITRE
NVD
CVE Title: Windows DNS Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Does this vulnerability affect both DNS Servers and DNS Clients?

Yes. This vulnerability affects both DNS client and DNS servers.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28323
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28323 Quan Luo from Codesafe Team of Legendsec at Qi'anxin Group


CVE-2021-28324 - Windows SMB Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28324
MITRE
NVD
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS:

CVSS:3.0 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28324
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28324 None

CVE-2021-28325 - Windows SMB Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28325
MITRE
NVD
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28325
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28325 None

CVE-2021-28326 - Windows AppX Deployment Server Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28326
MITRE
NVD
CVE Title: Windows AppX Deployment Server Denial of Service Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28326
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Denial of Service 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Denial of Service 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28326 Abdelhamid Naceri (halov) working with Trend Micro's Zero Day Initiative


CVE-2021-28327 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28327
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28327
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28327 None

CVE-2021-28328 - Windows DNS Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28328
MITRE
NVD
CVE Title: Windows DNS Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28328
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28328 Quan Luo from Codesafe Team of Legendsec at Qi'anxin Group


CVE-2021-28329 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28329
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28329
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28329 Yuki Chen


CVE-2021-28330 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28330
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28330
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28330 Yuki Chen


CVE-2021-28331 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28331
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28331
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28331 Yuki Chen


CVE-2021-28332 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28332
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28332
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28332 Yuki Chen


CVE-2021-28333 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28333
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28333
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28333 Yuki Chen


CVE-2021-28334 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28334
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28334
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28334 Yuki Chen


CVE-2021-28335 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28335
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28335
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28335 Yuki Chen


CVE-2021-28336 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28336
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28336
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28336 Yuki Chen


CVE-2021-28337 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28337
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28337
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28337 Yuki Chen of Vulcan Team


CVE-2021-28338 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28338
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28338
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28338 Yuki Chen


CVE-2021-28339 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28339
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28339
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28339 Yuki Chen


CVE-2021-28340 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28340
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28340
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28340 Yuki Chen


CVE-2021-28341 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28341
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28341
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28341 Yuki Chen


CVE-2021-28342 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28342
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28342
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28342 Yuki Chen


CVE-2021-28343 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28343
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28343
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Critical Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Critical Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Critical Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Critical Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Critical Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Critical Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Critical Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Critical Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Critical Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Critical Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28343 Yuki Chen


CVE-2021-28344 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28344
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28344
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28344 Yuki Chen


CVE-2021-28345 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28345
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28345
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28345 Yuki Chen


CVE-2021-28346 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28346
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28346
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28346 Yuki Chen


CVE-2021-28347 - Windows Speech Runtime Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28347
MITRE
NVD
CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28347
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28347 Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of Sangfor Lights Lab


CVE-2021-28348 - Windows GDI+ Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28348
MITRE
NVD
CVE Title: Windows GDI+ Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28348
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28348 @expend20


CVE-2021-28349 - Windows GDI+ Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28349
MITRE
NVD
CVE Title: Windows GDI+ Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28349
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28349 @expend20


CVE-2021-28350 - Windows GDI+ Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28350
MITRE
NVD
CVE Title: Windows GDI+ Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28350
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28350 @expend20


CVE-2021-28351 - Windows Speech Runtime Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28351
MITRE
NVD
CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28351
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28351 Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of Sangfor Lights Lab


CVE-2021-28352 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28352
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28352
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28352 Yuki Chen


CVE-2021-28353 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28353
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28353
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28353 Yuki Chen


CVE-2021-28354 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28354
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28354
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28354 Yuki Chen


CVE-2021-28355 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28355
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28355
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28355 Yuki Chen


CVE-2021-28356 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28356
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28356
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28356 Yuki Chen


CVE-2021-28357 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28357
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28357
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28357 Yuki Chen


CVE-2021-28358 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28358
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28358
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28358 Yuki Chen


CVE-2021-28434 - Remote Procedure Call Runtime Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28434
MITRE
NVD
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28434
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Remote Code Execution 5000807 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Remote Code Execution 5000809 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28434 Yuki Chen


CVE-2021-28435 - Windows Event Tracing Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28435
MITRE
NVD
CVE Title: Windows Event Tracing Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28435
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28435 Wen


CVE-2021-28436 - Windows Speech Runtime Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28436
MITRE
NVD
CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28436
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28436 Xuefeng Li @lxf02942370) & Zhiniang Peng @edwardzpeng


CVE-2021-28437 - Windows Installer Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28437
MITRE
NVD
CVE Title: Windows Installer Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28437
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Information Disclosure 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28437 Polar Bear at Microsoft


CVE-2021-28438 - Windows Console Driver Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28438
MITRE
NVD
CVE Title: Windows Console Driver Denial of Service Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28438
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28438 vbty


k0shl


shijie xu(@ThunderJ17)


shijie xu(@ThunderJ17)


shijie xu(@ThunderJ17)


shijie xu(@ThunderJ17)


CVE-2021-28439 - Windows TCP/IP Driver Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28439
MITRE
NVD
CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS:

CVSS:3.0 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28439
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Denial of Service 5000807 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Denial of Service 5000807 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Denial of Service 5000848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Denial of Service 5000847
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Denial of Service 5000847
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Denial of Service 5000803
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28439 None

CVE-2021-28440 - Windows Installer Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28440
MITRE
NVD
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28440
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Elevation of Privilege 5000807 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Elevation of Privilege 5000844
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Elevation of Privilege 5000841
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Elevation of Privilege 5000847
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Elevation of Privilege 5000848
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Elevation of Privilege 5000803
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28440 Christopher Vella, Microsoft Platform Security Assurance & Vulnerability Research


CVE-2021-28441 - Windows Hyper-V Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28441
MITRE
NVD
CVE Title: Windows Hyper-V Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28441
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28441 None

CVE-2021-28442 - Windows TCP/IP Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28442
MITRE
NVD
CVE Title: Windows TCP/IP Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28442
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Information Disclosure 5000809 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28442 None

CVE-2021-28443 - Windows Console Driver Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28443
MITRE
NVD
CVE Title: Windows Console Driver Denial of Service Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28443
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Denial of Service 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Denial of Service 5000807 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Denial of Service 5000809 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Denial of Service 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Denial of Service 5000844
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Denial of Service 5000841
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Denial of Service 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Denial of Service 5000847
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Denial of Service 5000848
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Denial of Service 5000803
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Denial of Service 5000822
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Denial of Service 5000808
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Denial of Service 5000802
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28443 nghiadt12 (@nghiadt1098) from Viettel Cyber Security


CVE-2021-28444 - Windows Hyper-V Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28444
MITRE
NVD
CVE Title: Windows Hyper-V Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 5.7/5.0
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What configurations or versions could be at risk from this vulnerability?

This bypass could affect any Hyper-V configurations that are using Router Guard.

What is the exposure if the vulnerability was bypassed?

Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28444
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for x64-based Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28444 Etienne Champetier (@champtar)


CVE-2021-28445 - Windows Network File System Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28445
MITRE
NVD
CVE Title: Windows Network File System Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28445
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Remote Code Execution 5000848
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Remote Code Execution 5000844
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Remote Code Execution 5000841
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Remote Code Execution 5000847
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Remote Code Execution 5000848
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Remote Code Execution 5000803
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Remote Code Execution 5000822
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Remote Code Execution 5000808
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Remote Code Execution 5000802
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28445 Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group


CVE-2021-28446 - Windows Portmapping Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28446
MITRE
NVD
CVE Title: Windows Portmapping Information Disclosure Vulnerability
CVSS:

CVSS:3.0 7.1/6.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28446
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Information Disclosure 5000803
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Information Disclosure 5000822
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Information Disclosure 5000808
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Information Disclosure 5000848
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5001389 (Monthly Rollup)
5001332 (Security Only)
Important Information Disclosure 5000844
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5001335 (Monthly Rollup)
5001392 (Security Only)
Important Information Disclosure 5000841
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Information Disclosure 5000847
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Information Disclosure 5000848
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Information Disclosure 5000803
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Information Disclosure 5000803
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Information Disclosure 5000822
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Information Disclosure 5000822
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Information Disclosure 5000808
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Information Disclosure 5000802
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28446 vbty


CVE-2021-28447 - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28447
MITRE
NVD
CVE Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 4.4/3.9
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28447
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5001340 (Security Update) Important Security Feature Bypass 5000807 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Security Feature Bypass 5000809 Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5001382 (Monthly Rollup) Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Security Feature Bypass 5000847
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5001387 (Monthly Rollup)
5001383 (Security Only)
Important Security Feature Bypass 5000847
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5001382 (Monthly Rollup)
5001393 (Security Only)
Important Security Feature Bypass 5000848
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5001347 (Security Update) Important Security Feature Bypass 5000803
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Security Feature Bypass 5000822
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Security Feature Bypass 5000808
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Security Feature Bypass 5000802
Base: 4.4
Temporal: 3.9
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28447 Maxim Suhanov, BI.ZONE https://dfir.ru/


CVE-2021-28448 - Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28448
MITRE
NVD
CVE Title: Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


1.0    2021-04-15T07:00:00Z    

Added acknowledgements. This is an informational change only.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28448
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Visual Studio Code - Kubernetes Tools Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28448 David Dworken


Ash Fox, Google Security Team


CVE-2021-28449 - Microsoft Office Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-28449
MITRE
NVD
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/7.0
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Why am I receiving notifications during file load?

Some Office files, templates, or add-ins (even ones originally obtained from Microsoft) may display a notification message. Macros, or add-ins, in those files have been disabled. Please see Side effects after you apply April 2021 security updates for Office for more information.

I'm running Office 2010 or Office 2013. Why are my add-ins such as Solver and Analysis ToolPak appearing in a different language after installing this update?

This behavior is expected after installing these updates. Please see Side effects after you apply April 2021 security updates for Office to learn the steps in order to display the desired language.

I'm running Office 2007. How do I protect myself?

Microsoft Office 2007 reached end of support on October 10, 2017. To stay supported, you will need to upgrade to a supported version of Office. If upgrading is not feasible, applying the following mitigations can help protect your system; however, they will disable multiple features in Microsoft Office. To mitigate the vulnerability, all of the following modifications must be made:

  1. Disable all macros without notification: see the Disable untrusted macros without notification section of Plan security settings for ActiveX controls, add-ins, and macros in the 2007 Office system
  2. Disable Trusted Locations: see Plan trusted locations and trusted publishers settings for the 2007 Office system
  3. Disable all Application Add-ins: see the Disable add-ins on a per-application basis section of Plan security settings for ActiveX controls, add-ins, and macros in the 2007 Office system

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-04-13T07:00:00Z    

Information published.


1.1    2021-04-27T07:00:00Z    

Updated acknowledgment.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-28449
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Microsoft Excel 2010 Service Pack 2 (32-bit editions) 3017810 (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Excel 2010 Service Pack 2 (64-bit editions) 3017810 (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Excel 2013 RT Service Pack 1 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Excel 2016 (32-bit edition) 4504721 (Security Update) Important Remote Code Execution 4493233 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Excel 2016 (64-bit edition) 4504721 (Security Update) Important Remote Code Execution 4493233 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 2553491 (Security Update)
2589361 (Security Update)
4504738 (Security Update)
Important Remote Code Execution
4504703
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 2553491 (Security Update)
2589361 (Security Update)
4504738 (Security Update)
Important Remote Code Execution
4504703
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2013 RT Service Pack 1 4504726 (Security Update) Important Remote Code Execution 4493228 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4504726 (Security Update)
3178643 (Security Update)
3178639 (Security Update)
Important Remote Code Execution 4493228
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4504726 (Security Update)
3178643 (Security Update)
3178639 (Security Update)
Important Remote Code Execution 4493228
Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2016 (32-bit edition) 4504722 (Security Update) Important Remote Code Execution 4493225 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2016 (64-bit edition) 4504722 (Security Update) Important Remote Code Execution 4493225 Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 7.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-28449
  • Dima van de Wouw - Outflank
  • Pieter Ceelen - Outflank
  • Outflank



  • Nathan Shomber of Microsoft


    CVE-2021-28450 - Microsoft SharePoint Denial of Service Update

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28450
    MITRE
    NVD
    CVE Title: Microsoft SharePoint Denial of Service Update
    CVSS:

    CVSS:3.0 5.0/4.4
    Base score metrics
    Attack VectorNetwork
    Attack ComplexityLow
    Privileges RequiredLow
    User InteractionNone
    ScopeChanged
    ConfidentialityNone
    IntegrityNone
    AvailabilityLow
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Denial of Service

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28450
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4493170 (Security Update) Important Denial of Service 4486723 Base: 5.0
    Temporal: 4.4
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Enterprise Server 2016 4504719 (Security Update) Important Denial of Service 4493232 Base: 5.0
    Temporal: 4.4
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Foundation 2010 Service Pack 2 4504709 (Security Update) Important Denial of Service 4493223 Base: 5.0
    Temporal: 4.4
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Server 2019 4504716 (Security Update) Important Denial of Service 4493230
    Base: 5.0
    Temporal: 4.4
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28450 Yuhao Weng (@cjm00nw) of Sangfor & Steven Seeley (@ϻг_ϻε) & Zhiniang Peng(@edwardzpeng


    CVE-2021-28451 - Microsoft Excel Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28451
    MITRE
    NVD
    CVE Title: Microsoft Excel Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is the Preview Pane an attack vector for this vulnerability?

    No, the Preview Pane is not an attack vector.


    According to the CVSS, User Interaction is Required. What interaction would the user have to do?

    Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

    • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

    An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28451
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Excel 2013 RT Service Pack 1 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Excel 2016 (32-bit edition) 4504721 (Security Update) Important Remote Code Execution 4493233 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Excel 2016 (64-bit edition) 4504721 (Security Update) Important Remote Code Execution 4493233 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office 2019 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office Online Server 4504714 (Security Update) Important Remote Code Execution 4493229 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Office Web Apps Server 2013 Service Pack 1 4504729 (Security Update) Important Remote Code Execution 4493234 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28451 kdot


    CVE-2021-28452 - Microsoft Outlook Memory Corruption Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28452
    MITRE
    NVD
    CVE Title: Microsoft Outlook Memory Corruption Vulnerability
    CVSS:

    CVSS:3.0 7.1/6.2
    Base score metrics
    Attack VectorNetwork
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeChanged
    ConfidentialityLow
    IntegrityLow
    AvailabilityLow
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is the Preview Pane an attack vector for this vulnerability?

    No, the Preview Pane is not an attack vector.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28452
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    No
    Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    No
    Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    No
    Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    No
    Microsoft Outlook 2010 Service Pack 2 (32-bit editions) 4493185 (Security Update) Important Remote Code Execution 4486742 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft Outlook 2010 Service Pack 2 (64-bit editions) 4493185 (Security Update) Important Remote Code Execution 4486742 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft Outlook 2013 RT Service Pack 1 4493185 (Security Update) Important Remote Code Execution 4486742 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 4504733 (Security Update) Important Remote Code Execution 4486732 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 4504733 (Security Update) Important Remote Code Execution 4486732 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft Outlook 2016 (32-bit edition) 4504712 (Security Update) Important Remote Code Execution 4486748 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe
    Microsoft Outlook 2016 (64-bit edition) 4504712 (Security Update) Important Remote Code Execution 4486748 Base: 7.1
    Temporal: 6.2
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28452 hackyzh and lm0963 of DBAppSecurity Zion Lab


    CVE-2021-28453 - Microsoft Word Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28453
    MITRE
    NVD
    CVE Title: Microsoft Word Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is the Preview Pane an attack vector for this vulnerability?

    No, the Preview Pane is not an attack vector.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    1.1    2021-04-19T07:00:00Z    

    Added acknowledgements. This is an informational change only.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28453
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office 2010 Service Pack 2 (32-bit editions) 4493215 (Security Update) Important Remote Code Execution 4493142 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Office 2010 Service Pack 2 (64-bit editions) 4493215 (Security Update) Important Remote Code Execution 4493142 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office 2019 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    No
    Microsoft Office Online Server 4504714 (Security Update) Important Remote Code Execution 4493229 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Office Web Apps 2010 Service Pack 2 4504705 (Security Update) Important Remote Code Execution 4493183 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Office Web Apps Server 2013 Service Pack 1 4504729 (Security Update) Important Remote Code Execution 4493234 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4493201 (Security Update) Important Remote Code Execution 4486683 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Enterprise Server 2016 4504719 (Security Update)
    4504723 (Security Update)
    Important Remote Code Execution 4493232
    4493199
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Server 2010 Service Pack 2 4504701 (Security Update) Important Remote Code Execution 4493178 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft SharePoint Server 2019 4504716 (Security Update)
    4504715 (Security Update)
    Important Remote Code Execution 4493230

    4493231
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2010 Service Pack 2 (32-bit editions) 4493218 (Security Update) Important Remote Code Execution 4493145 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2010 Service Pack 2 (64-bit editions) 4493218 (Security Update) Important Remote Code Execution 4493145 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2013 RT Service Pack 1 4493208 (Security Update) Important Remote Code Execution 4486764 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2013 Service Pack 1 (32-bit editions) 4493208 (Security Update) Important Remote Code Execution 4486764 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2013 Service Pack 1 (64-bit editions) 4493208 (Security Update) Important Remote Code Execution 4486764 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2016 (32-bit edition) 4493198 (Security Update) Important Remote Code Execution 4493156 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe
    Microsoft Word 2016 (64-bit edition) 4493198 (Security Update) Important Remote Code Execution 4493156 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28453 kdot working with Trend Micro Zero Day Initiative


    CVE-2021-28454 - Microsoft Excel Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28454
    MITRE
    NVD
    CVE Title: Microsoft Excel Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/7.0
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityProof-of-Concept
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is the Preview Pane an attack vector for this vulnerability?

    No, the Preview Pane is not an attack vector.


    According to the CVSS, User Interaction is Required. What interaction would the user have to do?

    Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

    • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

    An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    1.1    2021-04-15T07:00:00Z    

    Added acknowledgements. This is an informational change only.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28454
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    No
    Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    No
    Microsoft Excel 2010 Service Pack 2 (32-bit editions) 3017810 (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2010 Service Pack 2 (64-bit editions) 3017810 (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 RT Service Pack 1 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4504735 (Security Update) Important Remote Code Execution 4493239 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2016 (32-bit edition) 4504721 (Security Update) Important Remote Code Execution 4493233 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2016 (64-bit edition) 4504721 (Security Update) Important Remote Code Execution 4493233 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2010 Service Pack 2 (32-bit editions) 4504739 (Security Update) Important Remote Code Execution 4493214 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2010 Service Pack 2 (64-bit editions) 4504739 (Security Update) Important Remote Code Execution 4493214 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2013 RT Service Pack 1 4504727 (Security Update) Important Remote Code Execution 4493203 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2013 Service Pack 1 (32-bit editions) 4504727 (Security Update) Important Remote Code Execution 4493203 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2013 Service Pack 1 (64-bit editions) 4504727 (Security Update) Important Remote Code Execution 4493203 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2016 (32-bit edition) 4504724 (Security Update) Important Remote Code Execution 4493200 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2016 (64-bit edition) 4504724 (Security Update) Important Remote Code Execution 4493200 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    No
    Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    No
    Microsoft Office Online Server 4504714 (Security Update) Important Remote Code Execution 4493229 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Office Web Apps Server 2013 Service Pack 1 4504729 (Security Update) Important Remote Code Execution 4493234 Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28454 AIOFuzzer Working with Trend Micro Zero Day Initiative


    CVE-2021-28456 - Microsoft Excel Information Disclosure Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28456
    MITRE
    NVD
    CVE Title: Microsoft Excel Information Disclosure Vulnerability
    CVSS:

    CVSS:3.0 5.5/5.0
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityNone
    AvailabilityNone
    Temporal score metrics
    Exploit Code MaturityProof-of-Concept
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is the Preview Pane an attack vector for this vulnerability?

    No, the Preview Pane is not an attack vector.


    What type of information could be disclosed by this vulnerability?

    The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.


    According to the CVSS, User Interaction is Required. What interaction would the user have to do?

    Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.

    • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

    An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Information Disclosure

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28456
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    No
    Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    No
    Microsoft Excel 2010 Service Pack 2 (32-bit editions) 3017810 (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2010 Service Pack 2 (64-bit editions) 3017810 (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 RT Service Pack 1 4504735 (Security Update) Important Information Disclosure 4493239 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 Service Pack 1 (32-bit editions) 4504735 (Security Update) Important Information Disclosure 4493239 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2013 Service Pack 1 (64-bit editions) 4504735 (Security Update) Important Information Disclosure 4493239 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2016 (32-bit edition) 4504721 (Security Update) Important Information Disclosure 4493233 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Excel 2016 (64-bit edition) 4504721 (Security Update) Important Information Disclosure 4493233 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    No
    Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    No
    Microsoft Office 2019 for Mac Release Notes (Security Update) Important Information Disclosure None Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    No
    Microsoft Office Online Server 4504714 (Security Update) Important Information Disclosure 4493229 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe
    Microsoft Office Web Apps Server 2013 Service Pack 1 4504729 (Security Update) Important Information Disclosure 4493234 Base: 5.5
    Temporal: 5.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28456 Zhangjie and willJ from cdsrc


    CVE-2021-28457 - Visual Studio Code Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28457
    MITRE
    NVD
    CVE Title: Visual Studio Code Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28457
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28457 RyotaK (@ryotkak)


    CVE-2021-28458 - Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28458
    MITRE
    NVD
    CVE Title: Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
    CVSS:

    CVSS:3.0 7.8/7.0
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredLow
    User InteractionNone
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityProof-of-Concept
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Elevation of Privilege

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely Yes No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28458
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    @azure/ms-rest-nodeauth Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28458 None

    CVE-2021-28459 - Azure DevOps Server Spoofing Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28459
    MITRE
    NVD
    CVE Title: Azure DevOps Server Spoofing Vulnerability
    CVSS:

    CVSS:3.0 6.1/5.3
    Base score metrics
    Attack VectorNetwork
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeChanged
    ConfidentialityLow
    IntegrityLow
    AvailabilityNone
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Spoofing

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28459
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Azure DevOps Server 2020.0.1 Release Notes (Security Update) Important Spoofing None Base: 6.1
    Temporal: 5.3
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28459 Li of SEC Consult Deutschland Unternehmensberatung GmbH


    CVE-2021-28460 - Azure Sphere Unsigned Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28460
    MITRE
    NVD
    CVE Title: Azure Sphere Unsigned Code Execution Vulnerability
    CVSS:

    CVSS:3.0 8.1/7.3
    Base score metrics
    Attack VectorLocal
    Attack ComplexityHigh
    Privileges RequiredNone
    User InteractionNone
    ScopeChanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityProof-of-Concept
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    What version of Azure Sphere has the update that protects from this vulnerability?

    All versions of Azure Sphere that are 21.03 and higher are protected from this vulnerability.

    How do I ensure my Azure Sphere device has the update?

    If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.03 has been installed using the Azure Sphere CLI command:

    azsphere device show-os-version

    If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:

    azsphere device show-deployment-status

    Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?

    An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Critical Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28460
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Azure Sphere Critical Remote Code Execution None Base: 8.1
    Temporal: 7.3
    Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28460 None

    CVE-2021-28469 - Visual Studio Code Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28469
    MITRE
    NVD
    CVE Title: Visual Studio Code Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28469
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28469 RyotaK


    CVE-2021-28470 - Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28470
    MITRE
    NVD
    CVE Title: Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28470
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code - GitHub Pull Requests and Issues Extension Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28470 RyotaK


    CVE-2021-28471 - Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28471
    MITRE
    NVD
    CVE Title: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28471
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28471 RyotaK (@ryotkak)


    CVE-2021-28472 - Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28472
    MITRE
    NVD
    CVE Title: Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28472
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code - Maven for Java Extension Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28472 Kc Udonsi (@glitchnsec) of Trend Micro


    Kc Udonsi (@glitchnsec) of Trend Micro


    Kc Udonsi (@glitchnsec) of Trend Micro


    Kc Udonsi (@glitchnsec) of Trend Micro


    CVE-2021-28475 - Visual Studio Code Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28475
    MITRE
    NVD
    CVE Title: Visual Studio Code Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28475
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28475 RyotaK (@ryotkak)


    CVE-2021-28477 - Visual Studio Code Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28477
    MITRE
    NVD
    CVE Title: Visual Studio Code Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.0/6.1
    Base score metrics
    Attack VectorLocal
    Attack ComplexityHigh
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28477
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code Release Notes (Security Update) Important Remote Code Execution None Base: 7.0
    Temporal: 6.1
    Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28477 RyotaK


    CVE-2021-28480 - Microsoft Exchange Server Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28480
    MITRE
    NVD
    CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 9.8/8.5
    Base score metrics
    Attack VectorNetwork
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionNone
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Where can I find more information about protecting myself from this vulnerability?

    Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Critical Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation More Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28480
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Exchange Server 2013 Cumulative Update 23 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 19 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 20 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 8 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 9 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28480 National Security Agency


    Microsoft Security Team


    CVE-2021-28481 - Microsoft Exchange Server Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28481
    MITRE
    NVD
    CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 9.8/8.5
    Base score metrics
    Attack VectorNetwork
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionNone
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Where can I find more information about protecting myself from this vulnerability?

    Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Critical Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation More Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28481
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Exchange Server 2013 Cumulative Update 23 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 19 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 20 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 8 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 9 5001779 (Security Update) Critical Remote Code Execution Base: 9.8
    Temporal: 8.5
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28481 National Security Agency


    Microsoft Security Team


    CVE-2021-28482 - Microsoft Exchange Server Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28482
    MITRE
    NVD
    CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 8.8/7.7
    Base score metrics
    Attack VectorNetwork
    Attack ComplexityLow
    Privileges RequiredLow
    User InteractionNone
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Where can I find more information about protecting myself from this vulnerability?

    Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Critical Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation More Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28482
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Exchange Server 2013 Cumulative Update 23 5001779 (Security Update) Critical Remote Code Execution Base: 8.8
    Temporal: 7.7
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 19 5001779 (Security Update) Critical Remote Code Execution Base: 8.8
    Temporal: 7.7
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 20 5001779 (Security Update) Critical Remote Code Execution Base: 8.8
    Temporal: 7.7
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 8 5001779 (Security Update) Critical Remote Code Execution Base: 8.8
    Temporal: 7.7
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 9 5001779 (Security Update) Critical Remote Code Execution Base: 8.8
    Temporal: 7.7
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28482 National Security Agency


    CVE-2021-28483 - Microsoft Exchange Server Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28483
    MITRE
    NVD
    CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 9.0/7.8
    Base score metrics
    Attack VectorAdjacent
    Attack ComplexityLow
    Privileges RequiredLow
    User InteractionNone
    ScopeChanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Where can I find more information about protecting myself from this vulnerability?

    Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Critical Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation More Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28483
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Exchange Server 2013 Cumulative Update 23 5001779 (Security Update) Critical Remote Code Execution Base: 9.0
    Temporal: 7.8
    Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 19 5001779 (Security Update) Critical Remote Code Execution Base: 9.0
    Temporal: 7.8
    Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2016 Cumulative Update 20 5001779 (Security Update) Critical Remote Code Execution Base: 9.0
    Temporal: 7.8
    Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 8 5001779 (Security Update) Critical Remote Code Execution Base: 9.0
    Temporal: 7.8
    Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Microsoft Exchange Server 2019 Cumulative Update 9 5001779 (Security Update) Critical Remote Code Execution Base: 9.0
    Temporal: 7.8
    Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28483 National Security Agency


    CVE-2021-27064 - Visual Studio Installer Elevation of Privilege Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-27064
    MITRE
    NVD
    CVE Title: Visual Studio Installer Elevation of Privilege Vulnerability
    CVSS:

    CVSS:3.0 7.8/7.0
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredLow
    User InteractionNone
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityProof-of-Concept
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Elevation of Privilege

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-27064
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe
    Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
    Temporal: 7.0
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-27064 Lockheed Martin Red Team


    CVE-2021-27086 - Windows Services and Controller App Elevation of Privilege Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-27086
    MITRE
    NVD
    CVE Title: Windows Services and Controller App Elevation of Privilege Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredLow
    User InteractionNone
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Elevation of Privilege

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-27086
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Windows 10 Version 1803 for 32-bit Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1803 for ARM64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1803 for x64-based Systems 5001339 (Security Update) Important Elevation of Privilege 5000809 Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1809 for 32-bit Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1809 for ARM64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1809 for x64-based Systems 5001342 (Security Update) Important Elevation of Privilege 5000822
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1909 for 32-bit Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1909 for ARM64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 1909 for x64-based Systems 5001337 (Security Update) Important Elevation of Privilege 5000808
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 2004 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 2004 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 2004 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 20H2 for 32-bit Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 20H2 for ARM64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows 10 Version 20H2 for x64-based Systems 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows Server 2019 5001342 (Security Update) Important Elevation of Privilege 5000822
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows Server 2019 (Server Core installation) 5001342 (Security Update) Important Elevation of Privilege 5000822
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows Server, version 1909 (Server Core installation) 5001337 (Security Update) Important Elevation of Privilege 5000808
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows Server, version 2004 (Server Core installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes
    Windows Server, version 20H2 (Server Core Installation) 5001330 (Security Update) Important Elevation of Privilege 5000802
    Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Yes

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-27086 James Forshaw of Google Project Zero


    CVE-2021-28464 - VP9 Video Extensions Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28464
    MITRE
    NVD
    CVE Title: VP9 Video Extensions Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    How do I get the updated app?

    The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.

    It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

    My system is in a disconnected environment; is it vulnerable?

    Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

    How can I check if the update is installed?

    App package versions 1.0.40631.0 and later contain this update.

    You can check the package version in PowerShell:

    Get-AppxPackage -Name Microsoft.VP9VideoExtensions


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28464
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    VP9 Video Extensions Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28464 Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam)


    jackery


    CVE-2021-28466 - Raw Image Extension Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28466
    MITRE
    NVD
    CVE Title: Raw Image Extension Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is Windows vulnerable in the default configuration?

    No. Only customers who have installed this app from the Microsoft Store may be vulnerable.

    How do I get the updated app?

    The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.

    It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

    My system is in a disconnected environment; is it vulnerable?

    Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

    How can I check if the update is installed?

    App package versions 1.0.40392.0 and later contain this update.

    You can check the package version in PowerShell:

    Get-AppxPackage -Name Microsoft.RawImageExtension


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28466
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Raw Image Extension Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28466 Wenguang Jiao


    Zhihua Yao, lm0963 and CSZQ of DBAPPSecurity Zion Lab


    CVE-2021-28468 - Raw Image Extension Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28468
    MITRE
    NVD
    CVE Title: Raw Image Extension Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:

    Is Windows vulnerable in the default configuration?

    No. Only customers who have installed this app from the Microsoft Store may be vulnerable.

    How do I get the updated app?

    The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.

    It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

    My system is in a disconnected environment; is it vulnerable?

    Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

    How can I check if the update is installed?

    App package versions 1.0.40392.0 and later contain this update.

    You can check the package version in PowerShell:

    Get-AppxPackage -Name Microsoft.RawImageExtension


    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28468
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Raw Image Extension Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28468 Wenguang Jiao working with Trend Micro Zero Day Initiative


    CVE-2021-28473 - Visual Studio Code Remote Code Execution Vulnerability

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-28473
    MITRE
    NVD
    CVE Title: Visual Studio Code Remote Code Execution Vulnerability
    CVSS:

    CVSS:3.0 7.8/6.8
    Base score metrics
    Attack VectorLocal
    Attack ComplexityLow
    Privileges RequiredNone
    User InteractionRequired
    ScopeUnchanged
    ConfidentialityHigh
    IntegrityHigh
    AvailabilityHigh
    Temporal score metrics
    Exploit Code MaturityUnproven
    Remediation LevelOfficial Fix
    Report ConfidenceConfirmed

    FAQ:
    None
    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-13T07:00:00Z    

    Information published.


    Important Remote Code Execution

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Exploitation Less Likely No No

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-28473
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Visual Studio Code Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
    Temporal: 6.8
    Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
    Maybe

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-28473 RyotaK (@ryotkak)


    CVE-2021-21194 - Chromium: CVE-2021-21194 Use after free in screen capture

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21194
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21194 Use after free in screen capture
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.68 4/1/2021 89.0.4389.114

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-01T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21194
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21194 None

    CVE-2021-21195 - Chromium: CVE-2021-21195 Use after free in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21195
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21195 Use after free in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.68 4/1/2021 89.0.4389.114

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-01T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21195
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21195 None

    CVE-2021-21196 - Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21196
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.68 4/1/2021 89.0.4389.114

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-01T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21196
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21196 None

    CVE-2021-21197 - Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21197
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.68 4/1/2021 89.0.4389.114

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-01T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21197
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21197 None

    CVE-2021-21198 - Chromium: CVE-2021-21198 Out of bounds read in IPC

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21198
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21198 Out of bounds read in IPC
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.68 4/1/2021 89.0.4389.114

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-01T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21198
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21198 None

    CVE-2021-21199 - Chromium: CVE-2021-21199 Use Use after free in Aura

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21199
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21199 Use Use after free in Aura
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.68 4/1/2021 89.0.4389.114

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-01T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21199
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21199 None

    CVE-2021-21206 - Chromium: CVE-2021-21206 Use after free in Blink

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21206
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21206 Use after free in Blink
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.77 4/14/2021 89.0.4389.128

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-14T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21206
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21206 None

    CVE-2021-21220 - Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21220
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    89.0.774.77 4/14/2021 89.0.4389.128

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-14T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21220
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21220 None

    CVE-2021-21222 - Chromium: CVE-2021-21222 Heap buffer overflow in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21222
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21222 Heap buffer overflow in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.46 4/15/2021 90.0.4430.85

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-22T20:16:13Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21222
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21222 None

    CVE-2021-21223 - Chromium: CVE-2021-21223 Integer overflow in Mojo

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21223
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21223 Integer overflow in Mojo
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.46 4/15/2021 90.0.4430.85

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-22T20:16:15Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21223
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21223 None

    CVE-2021-21225 - Chromium: CVE-2021-21225 Out of bounds memory access in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21225
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21225 Out of bounds memory access in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.46 4/15/2021 90.0.4430.85

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-22T20:16:15Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21225
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21225 None

    CVE-2021-21226 - Chromium: CVE-2021-21226 Use after free in navigation

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21226
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21226 Use after free in navigation
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.46 4/15/2021 90.0.4430.85

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-22T20:16:16Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21226
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21226 None

    CVE-2021-21224 - Chromium: CVE-2021-21224 Type Confusion in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21224
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21224 Type Confusion in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.46 4/15/2021 90.0.4430.85

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-22T20:16:16Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21224
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21224 None

    CVE-2021-21227 - Chromium: CVE-2021-21227 Insufficient data validation in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21227
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21227 Insufficient data validation in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21227
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21227 None

    CVE-2021-21232 - Chromium: CVE-2021-21232 Use after free in Dev Tools

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21232
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21232 Use after free in Dev Tools
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21232
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21232 None

    CVE-2021-21233 - Chromium: CVE-2021-21233 Heap buffer overflow in ANGLE

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21233
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21233 Heap buffer overflow in ANGLE
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21233
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21233 None

    CVE-2021-21228 - Chromium: CVE-2021-21228 Insufficient policy enforcement in extensions

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21228
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21228 Insufficient policy enforcement in extensions
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21228
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21228 None

    CVE-2021-21229 - Chromium: CVE-2021-21229 Incorrect security UI in downloads

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21229
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21229 Incorrect security UI in downloads
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21229
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21229 None

    CVE-2021-21230 - Chromium: CVE-2021-21230 Type Confusion in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21230
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21230 Type Confusion in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21230
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21230 None

    CVE-2021-21231 - Chromium: CVE-2021-21231 Insufficient data validation in V8

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21231
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21231 Insufficient data validation in V8
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.51 4/29/2021 90.0.4430.93

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-29T07:00:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21231
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21231 None

    CVE-2021-21201 - Chromium: CVE-2021-21201 Use after free in permissions

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21201
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21201 Use after free in permissions
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:00Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21201
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21201 None

    CVE-2021-21202 - Chromium: CVE-2021-21202 Use after free in extensions

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21202
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21202 Use after free in extensions
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:01Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21202
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21202 None

    CVE-2021-21203 - Chromium: CVE-2021-21203 Use after free in Blink

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21203
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21203 Use after free in Blink
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:02Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21203
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21203 None

    CVE-2021-21204 - Chromium: CVE-2021-21204 Use after free in Blink

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21204
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21204 Use after free in Blink
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:02Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21204
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21204 None

    CVE-2021-21205 - Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21205
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:03Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21205
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21205 None

    CVE-2021-21221 - Chromium: CVE-2021-21221 Insufficient validation of untrusted input in Mojo

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21221
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21221 Insufficient validation of untrusted input in Mojo
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:03Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21221
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21221 None

    CVE-2021-21207 - Chromium: CVE-2021-21207 Use after free in IndexedDB

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21207
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21207 Use after free in IndexedDB
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:04Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21207
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21207 None

    CVE-2021-21208 - Chromium: CVE-2021-21208 Insufficient data validation in QR scanner

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21208
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21208 Insufficient data validation in QR scanner
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:04Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21208
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21208 None

    CVE-2021-21209 - Chromium: CVE-2021-21209 Inappropriate implementation in storage

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21209
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21209 Inappropriate implementation in storage
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:05Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21209
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21209 None

    CVE-2021-21210 - Chromium: CVE-2021-21210 Inappropriate implementation in Network

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21210
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21210 Inappropriate implementation in Network
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:05Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21210
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21210 None

    CVE-2021-21211 - Chromium: CVE-2021-21211 Inappropriate implementation in Navigation

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21211
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21211 Inappropriate implementation in Navigation
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:06Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21211
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21211 None

    CVE-2021-21212 - Chromium: CVE-2021-21212 Incorrect security UI in Network Config UI

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21212
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21212 Incorrect security UI in Network Config UI
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:06Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21212
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21212 None

    CVE-2021-21213 - Chromium: CVE-2021-21213 Use after free in WebMIDI

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21213
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21213 Use after free in WebMIDI
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:06Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21213
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21213 None

    CVE-2021-21214 - Chromium: CVE-2021-21214 Use after free in Network API

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21214
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21214 Use after free in Network API
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:07Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21214
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21214 None

    CVE-2021-21215 - Chromium: CVE-2021-21215 Inappropriate implementation in Autofill

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21215
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21215 Inappropriate implementation in Autofill
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:07Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21215
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21215 None

    CVE-2021-21216 - Chromium: CVE-2021-21216 Inappropriate implementation in Autofill

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21216
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21216 Inappropriate implementation in Autofill
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:08Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21216
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21216 None

    CVE-2021-21217 - Chromium: CVE-2021-21217 Uninitialized Use in PDFium

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21217
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21217 Uninitialized Use in PDFium
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:08Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21217
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21217 None

    CVE-2021-21218 - Chromium: CVE-2021-21218 Uninitialized Use in PDFium

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21218
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21218 Uninitialized Use in PDFium
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:09Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21218
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21218 None

    CVE-2021-21219 - Chromium: CVE-2021-21219 Uninitialized Use in PDFium

    (top)
    CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
    CVE-2021-21219
    MITRE
    NVD
    CVE Title: Chromium: CVE-2021-21219 Uninitialized Use in PDFium
    CVSS:
    None
    FAQ:

    What is the version information for this release?

    Microsoft Edge Version Date Released Based on Chromium Version
    90.0.818.39 4/15/2021 90.0.4430.72

    Why is this Chrome CVE included in the Security Update Guide?

    The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

    How can I see the version of the browser?

    1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
    2. Click on Help and Feedback
    3. Click on About Microsoft Edge

    Mitigations:
    None
    Workarounds:
    None
    Revision:
    1.0    2021-04-15T18:40:09Z    

    Information published.


    Unknown Unknown

    Exploitability Index

    The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

    Exploitability Assessment Publicly Disclosed Exploited
    Not Found Not Found Not Found

    Affected Software

    The following tables list the affected software details for the vulnerability.

    CVE-2021-21219
    Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
    Microsoft Edge (Chromium-based) Unknown Unknown None Base: N/A
    Temporal: N/A
    Vector: N/A
    Unknown

    Acknowledgements

    CVE ID Acknowledgements
    CVE-2021-21219 None